Permalink
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
shib-idp-conftree/conf/intercept/consent-intercept-config.xml
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
136 lines (115 sloc)
5.44 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?xml version="1.0" encoding="UTF-8"?> | |
| <beans xmlns="http://www.springframework.org/schema/beans" | |
| xmlns:context="http://www.springframework.org/schema/context" | |
| xmlns:util="http://www.springframework.org/schema/util" | |
| xmlns:p="http://www.springframework.org/schema/p" | |
| xmlns:c="http://www.springframework.org/schema/c" | |
| xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | |
| xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd | |
| http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd | |
| http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd" | |
| default-init-method="initialize" | |
| default-destroy-method="destroy"> | |
| <!-- Terms of Use configuration --> | |
| <!-- | |
| Terms of use is driven by a lookup function returning a key into messages/consent-messages.properties | |
| The default mapping returns the relying party / SP name as the key. The second example below | |
| demonstrates use of a custom mapping table from the relying party name to the key to use. | |
| --> | |
| <alias alias="shibboleth.consent.terms-of-use.Key" name="shibboleth.RelyingPartyIdLookup.Simple" /> | |
| <!-- | |
| <bean id="shibboleth.consent.terms-of-use.Key" | |
| class="com.google.common.base.Functions" factory-method="compose"> | |
| <constructor-arg name="g"> | |
| <bean class="com.google.common.base.Functions" factory-method="forMap" c:defaultValue="terms-of-use"> | |
| <constructor-arg name="map"> | |
| <map> | |
| <entry key="https://sp.example.org/shibboleth" value="example-terms" /> | |
| </map> | |
| </constructor-arg> | |
| </bean> | |
| </constructor-arg> | |
| <constructor-arg name="f"> | |
| <ref bean="shibboleth.RelyingPartyIdLookup.Simple" /> | |
| </constructor-arg> | |
| </bean> | |
| --> | |
| <!-- Attribute Release configuration --> | |
| <!-- | |
| Attribute release whitelist, blacklist, and match expressions to determine | |
| whether consent should be obtained for an attribute based on the attribute ID. | |
| --> | |
| <util:list id="shibboleth.consent.attribute-release.WhitelistedAttributeIDs"> | |
| <!-- | |
| <value>mail</value> | |
| --> | |
| </util:list> | |
| <util:list id="shibboleth.consent.attribute-release.BlacklistedAttributeIDs"> | |
| <value>transientId</value> | |
| <value>persistentId</value> | |
| <value>eduPersonTargetedID</value> | |
| </util:list> | |
| <!-- | |
| <bean id="shibboleth.consent.attribute-release.MatchExpression" class="java.util.regex.Pattern" factory-method="compile" | |
| c:_0="^exampleAttribute.*$" /> | |
| --> | |
| <!-- | |
| Customize the order in which attributes are displayed. | |
| Attribute IDs not present in this list will be sorted according to their | |
| natural order and displayed subsequent to any attribute IDs specified here. | |
| --> | |
| <!-- | |
| <util:list id="shibboleth.consent.attribute-release.AttributeDisplayOrder"> | |
| <value>mail</value> | |
| </util:list> | |
| --> | |
| <!-- | |
| These beans define mappings between audit log categories and formatting strings. | |
| --> | |
| <!-- | |
| For terms-of-use acceptance, the default entry is : | |
| 'YYYYMMDDTHHMMSSZ|TermsAccepted|jdoe|example-tou-1|rHo...rrw=|true' | |
| For terms-of-use refusal, the default entry is : | |
| 'YYYYMMDDTHHMMSSZ|TermsRejected|jdoe|example-tou-1|rHo...rrw=|false' | |
| --> | |
| <util:map id="shibboleth.consent.terms-of-use.AuditFormattingMap"> | |
| <entry key="Shibboleth-Consent-Audit" value="%T|%SP|%e|%u|%CCI|%CCV|%CCA" /> | |
| </util:map> | |
| <!-- | |
| For attribute-release consent, the default entry is : | |
| 'YYYYMMDDTHHMMSSZ|https://sp.example.org|AttributeReleaseConsent|jdoe|email,eduPersonAffiliation|rHo...rrw=,rHo...rrw=|false,false' | |
| --> | |
| <util:map id="shibboleth.consent.attribute-release.AuditFormattingMap"> | |
| <entry key="Shibboleth-Consent-Audit" value="%T|%SP|%e|%u|%CCI|%CCV|%CCA" /> | |
| </util:map> | |
| <!-- | |
| The beans below need to be defined, even if left empty. They can be ignored in most cases. | |
| If you write your own function to extract a new piece of data for auditing, you can install it into one or more | |
| of the maps below to add it to the auditing framework, keyed by an audit field label to be used in formatting. | |
| --> | |
| <bean id="shibboleth.consent.PreConsentAuditExtractors" parent="shibboleth.consent.DefaultPreConsentAuditExtractors" lazy-init="true"> | |
| <property name="sourceMap"> | |
| <map merge="true"> | |
| </map> | |
| </property> | |
| </bean> | |
| <bean id="shibboleth.consent.ConsentAuditExtractors" parent="shibboleth.consent.DefaultConsentAuditExtractors" lazy-init="true"> | |
| <property name="sourceMap"> | |
| <map merge="true"> | |
| </map> | |
| </property> | |
| </bean> | |
| <!-- | |
| Specify custom symbolic replacements for attribute names to shrink the size of results saved to client-side storage | |
| such as cookies. | |
| --> | |
| <bean id="shibboleth.consent.AttributeSymbolics" parent="shibboleth.consent.DefaultAttributeSymbolics" lazy-init="true"> | |
| <property name="sourceMap"> | |
| <map merge="true"> | |
| <!-- | |
| <entry key="myAttribute" value="900" /> | |
| --> | |
| </map> | |
| </property> | |
| </bean> | |
| </beans> |